Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Platform » SBOM for eclipse products(Is there standarized way of producing a Software Bill Ff Materials for products basen on Eclipse Platform?)
SBOM for eclipse products [message #1856155] Wed, 23 November 2022 15:38 Go to next message
Nikola Veber is currently offline Nikola VeberFriend
Messages: 31
Registered: December 2017
Member
Hi,

assuming I am delivering a product based on some eclipse release as target platform, is there anything provided by the ecosystem that can produce a "baseline" SBOM?

I can't figure out how to trace back from the final update site to the original repositories (or other sources) of the provided components.


Cheers
Nikola

Report message to a moderator

Re: SBOM for eclipse products [message #1856182 is a reply to message #1856155] Thu, 24 November 2022 15:50 Go to previous messageGo to next message
Nikola Veber is currently offline Nikola VeberFriend
Messages: 31
Registered: December 2017
Member
I have got a lot of useful information from the build info : https://download.eclipse.org/staging/2022-06/buildInfo/reporeports/reports/
Also with using the dash tool: https://github.com/eclipse/dash-licenses

Am I missing any information sources that could help provide a IP report (licenses/copyrights/source locations) for an eclipse based product?
For example, where are the source locations for Bundles without an Eclipse-SourceReferences (total: 755) listed in https://download.eclipse.org/staging/2022-06/buildInfo/reporeports/reports/esdata.txt

Report message to a moderator

Re: SBOM for eclipse products [message #1856185 is a reply to message #1856182] Thu, 24 November 2022 16:49 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 33142
Registered: July 2009
Senior Member
This file maintain a list of references to git repositories of all the projects participating in the simultaneous release:

https://git.eclipse.org/c/simrel/org.eclipse.simrel.build.git/tree/simrel.aggran

More details about that are here:

https://ci.eclipse.org/simrel/

This includes a link to a setup where you can view that simrel.aggran in a structure editor.

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

Previous Topic:Question CSD
Next Topic:Locale change and JFaceResources
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Apr 27 19:55:06 GMT 2024

Powered by FUDForum. Page generated in 0.02552 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly